CLAIM AMENDMENTS 



1 . (Original) A method for securely transferring data across an optical-switched 
(OS) network, comprising: 

distributing security keys to edge nodes in the OS network; 

encrypting, at a source edge node, data to be sent from the source edge node to a 
destination edge node, said data encrypted with a security key distributed to the source 
node; 

sending the data along a virtual lightpath between the source and destination 
edge nodes, the virtual lightpath spanning at least one lightpath segment; and 

decrypting, at the destination edge node, the encrypted data that are sent. 

2. (Original) The method of claim 1, wherein the OS network comprises an optical 
burst-switched (OBS) network. 

3. (Original) The method of claim 2, wherein the OBS network comprises a 
photonic burst-switched (PBS) network. 

4. (Original) The method of claim 2, wherein the PBS network comprises a 
wavelength-division multiplexed (WDM) PBS network. 

5. (Original) The method of claim 1, wherein the security keys are distributed by 
distributing a common decryption and encryption key pair to each of the edge nodes. 

6. (Original) The method of claim 1, wherein the security keys are distributed by: 
distributing a respective decryption key to each of the edge nodes, each 

respective decryption key being particular to its node; and 
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distributing respective sets of encryption keys to each node, each set of 
encryption keys for a given node including encryption keys corresponding to the 
decryption keys distributed to each of the other edge nodes. 



7. (Original) The method of claim 1, wherein the security keys are distributed by: 
distributing a respective private key to each of the edge nodes, each respective 

private key being particular to its node; and 

distributing respective sets of digital certificates sets to each node, each set of 
digital certificates for a given node containing a set of public keys corresponding to the 
private keys distributed to each of the other edge nodes. 

8. (Original) The method of claim 6, fiirther comprising self-generating the digital 
certificates. 

9. (Original) The method of claim 8, further comprising: 
for each edge node, 

self-generating an digital certificate containing a pubUc key that is asymmetric to 
the private key for the edge node; and 

sending the digital certificate to each of the other edge nodes. 

10. (Original) The method of claim 9, fiirther comprising: 
for at least one node, 

generating a private key for the edge node via key-generation facilities provided 
by the edge node; and 

generating the public key for the edge node via the key-generation facilities. 

1 1 . (Original) The method of claim 7, fiirther comprising: 
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sending security data to a certificate authority, the security data defining pubHc 
keys that are to be included in respective digital certificates; and 

receiving authenticated digital certificates fi*om the certificate authority. 

12. (Original) The method of claim 11, wherein the security data is sent firom an 
administrator of the OBS network. 

13. (Original) The method of claim 9, fiirther comprising: 
generating a respective set of security data at each edge node; and 

sending the respective set of security data firom each edge node to the certificate 
authority. 

14. (Original) The method of claim 1, fiirther comprising sending security keys to the 
edge nodes using a communication channel that is extemal to the OBS network to 
distribute the security keys. 

15. (Original) The method of claim 1, fiirther comprising sending security keys to the 
edge nodes using an out-of-band channel of the OBS network to distribute the security 
keys. 

16. (Original) The method of claim 15, fiirther comprising sending security data via a 
control burst for the OBS network, the security data including one or more security keys 
or containing information from which one or more security keys can be derived. 

17. (Original) The method of claim 1, fiirther comprising sending information to 

each edge node identifying at least one of an encryption algorithm and decryption 

algorithm to be employed to encrypt and/or decrypt the data via the security keys. 
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18. (Original) The method of claim 17, further comprising sending encryption and/or 
decryption code to an edge node, the encryption and/or decryption code to be executed 
to perform encryption and/or decryption operations. 

19. (Original) A machine-readable medium to provide instructions, which when 
executed by a processor in a source edge node of an optical switched (OS) network 
cause the source edge node to perform operations including: 

encrypting data to be sent to a destination edge node; 

generating a control burst, the control burst containing information to reserve 
network resources to form a virtual lightpath between the source edge node and the 
destination edge node during a scheduled timeslot, the virtual lightpath including at least 
one lightpath segment; 

embedding information in the control burst identifying one or more data bursts to 
be sent from the edge node to the destination edge node will be encrypted; 

sending the control burst to a first hop along the virtual lightpath, the first hop 
comprising one of a switching node or the destination edge node; and 

sending said one or more data bursts containing the data that are encrypted to the 
first hop along the virtual lightpath during the scheduled timeslot. 

20. (Original) The machine-readable medium of claim 19, wherein execution of the 
instructions further perform the operation of sending an encryption key to each of a 
plurality of edge nodes in the OS network. 

21. (Original) The machine-readable medium of claim 20, wherein execution of the 
instructions performs the operation of sending the encryption key to an edge node by: 
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generating a control burst containing security data including the encryption key 
or data from which the encryption key can be derived; and 

sending the control burst to a first hop along a virtual lightpath couphng the edge 
node sending the control burst to and edge node receiving the control burst, the first hop 
comprising one of the edge node receiving the control burst or a switching node. 

22. (Original) The machine-readable medium of claim 21, wherein the security data 
include an digital certificate. 

23. (Original) The machine-readable medium of claim 22, wherein execution of the 
instructions performs the fiirther operation of generating a self-signed digital certificate. 

24. (Original) The machine-readable medium of claim 21, wherein the security data 
include one of information identifying an encryption algorithm used to encrypt the data 
or executable code that may be used to decrypt the certificate. 

25. (Original) The machine-readable medium of claim 20, wherein an encryption key 
is sent to an edge node via a commimication channel that is extemal from the OS 
network. 

26. (Original) The machine-readable medium of claim 19, wherein execution of the 
instructions performs fiirther operations including: 

generating an encryption key, the encryption key to be used to encrypt the data; 

and 

generating a decryption key corresponding to the encryption key. 
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27. (Original) The machine-readable medium of claim 19, wherein execution of the 
instructions performs further operations including: 

generating security data including the decryption key and identifjdng the 
decryption key as a public key, the security data comprising data from which an digital 
certificate may be issued; and 

sending the security data to a certificate authority. 

28. -38. (Cancelled) 
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